VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-rbc8-vjkw-rugz

Essentials
Severities (25)
References (13)
Severity details (23)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-rbc8-vjkw-rugz
Aliases	CVE-2016-2156 GHSA-h8vc-v44p-5r2q
Summary	Moodle provides calendar-event data without considering whether an activity is hidden calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	4.3	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2016-2156
epss	0.00321	https://api.first.org/data/v1/epss?cve=CVE-2016-2156
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-h8vc-v44p-5r2q
cvssv3.1	4.3	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158
cvssv3.1	4.3	https://moodle.org/mod/forum/discuss.php?d=330178
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=330178
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2016-2156
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2016-2156
cvssv3.1	4.3	https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
generic_textual	MODERATE	https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
cvssv3.1	4.3	http://www.openwall.com/lists/oss-security/2016/03/21/1
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2016/03/21/1

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808
		https://api.first.org/data/v1/epss?cve=CVE-2016-2156
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd
		https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94
		https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf
		https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3
		https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158
		https://moodle.org/mod/forum/discuss.php?d=330178
		https://nvd.nist.gov/vuln/detail/CVE-2016-2156
		https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
		http://www.openwall.com/lists/oss-security/2016/03/21/1
GHSA-h8vc-v44p-5r2q		https://github.com/advisories/GHSA-h8vc-v44p-5r2q

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://moodle.org/mod/forum/discuss.php?d=330178

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2156

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2016/03/21/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.54485
EPSS Score	0.00321
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:25:56.467977+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h8vc-v44p-5r2q/GHSA-h8vc-v44p-5r2q.json	36.1.3